What is Decentralised Identity?
Decentralised identity, often used interchangeably with “self-sovereign identity” (SSI), is gaining ground as an alternative to today’s centralised and federated infrastructures. In short, it allows individuals to manage their own identities. In a decentralised framework, the user receives credentials from a number of issuers (e.g., government, education, employer) and stores them in a digital wallet. The user presents those credentials to the relevant issuing authority, who then verifies their identity through a blockchain-based ledger that does not store the user’s data. That’s what decentralised identity is, so why do we need it?
For many, today’s personal identity model (how businesses create identities based on the information they gather from their users) doesn’t always work in their favour. Organisations need to collect sensitive and personal data from their users to authenticate their identities but, as long as companies continue to experience data breaches or mishandle information, this is not a model that represents their users’ best interests.
Most of us have a fragmented identity experience online, authenticating separately with a sprawl of service providers; but some are openly disenfranchised. Around 1 billion people worldwide are unable to claim physical or digital ownership of their identity, leaving them unable to actively participate in public services and society's most basic technical advances.
While still in its nascent stages, the decentralised approach to identity promises to give users much more independence, enhance privacy and inspire digital transformation across organisations. In this post, we’ll explore how decentralised identity works in detail, who benefits from it, and where things stand with its development.
What we’re talking about when we talk about decentralised identity
As an emerging field within identity and access management (IAM), decentralised identity has its own set of particular terms that help define the roles and interactions within this model.
- Credentials: information that distinguishes each subject.
- Holder/Wallet: a software repository that manages credentials on behalf of a subject and protects their privacy.
- Issuer: a party that issues access credentials, similar to an identity or OpenID provider.
- Subject: the user or individual who authenticates their identity.
- Verifier: the party or service provider that verifies the validity of a credential. The verifier issues a presentation request to the wallet, which, after gathering user consent, presents the credential to the verifier.
As with any IAM structure, these components come together to securely facilitate access to critical information while helping to verify a user’s identity.
Decentralisation democratises data and access
More often than not, documented proof of existence is a prerequisite for people to engage in financial, political, social and cultural activities. In fact, proof of identity determines our ability to exercise citizen’s rights and access essential services, including education, healthcare, banking, housing and state support. Meanwhile, displacement, poverty, bureaucracy and lack of education are all factors that get in the way of people obtaining state-issued identity documents that act as a bedrock for access.
Removing the barriers to access
Decentralised identity systems make it significantly easier for users to access this information. By using online, blockchain-based cryptography systems to establish digital wallets, anyone can access this sort of digital identity. Effectively, the only material requirements are an internet connection and use of a smart device – both of which are rising in emerging economies as we continue to bridge the digital divide. As a result, decentralisation projects are a promising philanthropic means of providing widespread digital identities and access to services.
Enhancing user independence
User autonomy is another area where decentralised identity promotes democratisation. When registering for new online services, users traditionally have to provide an array of personal data, which organisations may process, share or sell to third parties. In a decentralised system, users instead receive decentralised identifiers (DIDs) to verify their identities with each service provider. These credentials are secured with private cryptographic keys, known only to the user, and can be verified by each service provider.
This model accomplishes two things:
- It lets users share only the information that’s relevant and necessary to access each service, and
- It helps to make sure that organisations can access a person’s data only for the purpose of authentication.
As a bonus, users have access to a greater degree of privacy and control over their personal data. But what does this look like in practice? Here’s an example:
- Jane has just migrated to the US without a physical copy of her university diploma. She needs to prove her field of study to receive a confirmed job offer.
- The university issues her a DID credential – in this case, Jane’s diploma – which she then stores in her digital wallet.
- Using the DID credential, Jane presents her diploma to potential employers, who can independently verify its authenticity with the issuing university.
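The issue, store, present and verify steps in Jane's example, together with sharing only the relevant claim, can be sketched in code. This is an added example, not code from the original post or from any vendor or standard. It assumes salted-hash selective disclosure, a dict standing in for the ledger, the constructed identifier did:example:university, and a Lamport one-time signature in place of the Ed25519 or ECDSA signatures real deployments use, so that it runs on the Python standard library alone.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

# Lamport one-time signature: a stand-in for Ed25519/ECDSA (assumption).
# One key pair must sign exactly ONE credential.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def digest(name, value, salt):
    return H(json.dumps([salt, name, value]).encode()).hex()

def issue(sk, issuer_did, claims):
    """Issuer: sign salted digests of the claims, never the plaintext values."""
    salts = {k: secrets.token_hex(16) for k in claims}
    digests = sorted(digest(k, v, salts[k]) for k, v in claims.items())
    body = json.dumps({"issuer": issuer_did, "digests": digests})
    return {"body": body, "sig": sign(sk, body.encode()), "claims": claims, "salts": salts}

def present(cred, reveal):
    """Wallet: disclose only the requested claims, each with its salt."""
    shown = {k: (cred["claims"][k], cred["salts"][k]) for k in reveal}
    return {"body": cred["body"], "sig": cred["sig"], "disclosed": shown}

def check(registry, pres):
    """Verifier: resolve the issuer key, check the signature, then each claim."""
    body = json.loads(pres["body"])
    pk = registry.get(body["issuer"])
    if pk is None or not verify(pk, pres["body"].encode(), pres["sig"]):
        return None
    ok = all(digest(k, v, s) in body["digests"] for k, (v, s) in pres["disclosed"].items())
    return {k: v for k, (v, s) in pres["disclosed"].items()} if ok else None

# Constructed sample data; the registry (ledger stand-in) holds public keys only.
SK, PK = keygen()
REGISTRY = {"did:example:university": PK}
CRED = issue(SK, "did:example:university",
             {"name": "Jane", "degree": "BSc Computer Science", "birth_date": "1990-01-01"})
PRES = present(CRED, ["degree"])   # the employer sees the degree and nothing else
```

The verifier needs only the issuer's public key from the registry; the undisclosed claims stay in the wallet, and a claim altered after issuance no longer matches any signed digest.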
Potential benefits of decentralised identity
We’ve discussed how decentralised identity offers everyone greater access to services and more control over their data. Beyond that, decentralisation reengineers how data is stored and secured, to the benefit of users, organisations and developers alike.
Benefits to users
In a decentralised system, the wallet acts as a secure repository for user credentials. It protects credentials using encryption and biometrics, requests informed consent from the user each time credentials are requested, and conceals any metadata that could lead to credential tracking. Encrypted, decentralised storage systems like blockchain are impenetrable by design, reducing the risk of an entity gaining unauthorised access in order to steal or monetise user data.
Benefits to organisations
While this improves privacy and security for users, it also helps organisations reduce security risks. Many global organisations are subject to regulations based on how they collect, process, store and transact upon user data – and they face sanctions and penalties even for unknowingly breaking the rules or experiencing data breaches. By collecting and storing less data, organisations simplify their compliance responsibilities and reduce the risks of misusing information and being targeted in opportunistic cyber attacks.
Furthermore, requesting only the necessary credentials for users to prove their identities, in a system where users consent to sharing credentials, encourages a new depth of trust and transparency between organisations and users.
Benefits to developers
For developers, decentralised identity opens the gates to better standards of app design, effectively eliminating the need for passwords or stringent authentication processes. This could allow developers to create more convenient and engaging user experiences, further enriched by participation in an open, standards-based ecosystem. This way, decentralised identity lets organisations form new alliances, which partners can use to securely communicate approved information and provide more efficient user services.
Players in the decentralised identity space
While decentralised identity is still an emerging field, some of the world’s leading organisations are showing the potential it has to increase trust and democratisation. These include big names like Microsoft, IBM and SecureKey, as well as startups like Evernym.
In the background, numerous organisations are working to standardise and shape decentralised identity. The key players here include:
- Decentralised Identity Foundation (DIF): the hub for all development, discussion, and management of initiatives that go towards creating an open, standards-based decentralised identity ecosystem.
- World Wide Web Consortium (W3C): a provider of open standards since the early 2000s, focused on browser development and interoperability.
- Internet Engineering Task Force (IETF): the organisation responsible for standardising core internet technologies, including the main internet protocol suite.
- Hyperledger: the Linux Foundation’s community dedicated to developing frameworks, tools, and libraries for deployments of decentralised ledgers and blockchains.
The future of decentralised identity is still being defined
The decentralised identity space is still in its inception because organisations are attempting to figure out how to deploy this technology at scale and factor in regulatory requirements. Identity is at the core of how decentralised architectures will develop.
New use cases are continually emerging – let’s explore a few.
Within workforce environments, decentralised identity presents an opportunity for organisations to go fully passwordless by connecting to federated identity infrastructures. This way, organisations could issue digital credentials around a person’s role and department, for instance, which are saved in the employee’s digital wallet, and identity providers verify that information to grant single sign-on to the tools they need. As another workforce use case, DIDs could also be used to inform digital badges to grant appropriate access to physical locations. These intra-organisational scenarios present an easy entry point to experiment with this new technology.
Using decentralised identity within customer settings is still further in the future – we have yet to see many proofs of concept in this area. To date, the largest obstacle would be to enable applications to connect to decentralised identity providers, which would require a significant overhaul of our current consumer landscape. That said, we may see an entry point through social logins, as social media platforms are already supporting their large consumer bases by federating identities and simplifying logins to other applications.
As the industry continues to develop proofs of concept for decentralised identity in government, healthcare, finance and more, the opportunities for decentralised identity continue to grow. Though still in its infancy, it’s an exciting area to watch.